Vulnerabilities > Kubernetes > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9594 Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers.
network
high complexity
kubernetes CWE-798
8.1
8.1
2023-11-14 CVE-2023-5528 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes fedoraproject
8.8
8.8
2023-11-03 CVE-2022-3172 Server-Side Request Forgery (SSRF) vulnerability in Kubernetes Apiserver
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL.
network
low complexity
kubernetes CWE-918
8.2
8.2
2023-11-03 CVE-2023-3893 Unspecified vulnerability in Kubernetes CSI Proxy
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes
8.8
8.8
2023-10-31 CVE-2023-3676 Improper Input Validation vulnerability in Kubernetes
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes CWE-20
8.8
8.8
2023-10-31 CVE-2023-3955 Improper Input Validation vulnerability in Kubernetes
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes CWE-20
8.8
8.8
2023-10-25 CVE-2023-5043 Injection vulnerability in Kubernetes Ingress-Nginx
Ingress nginx annotation injection causes arbitrary command execution.
network
low complexity
kubernetes CWE-74
8.8
8.8
2023-10-25 CVE-2023-5044 Code Injection vulnerability in Kubernetes Ingress-Nginx
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
network
low complexity
kubernetes CWE-94
8.8
8.8
2023-10-12 CVE-2023-1943 Unspecified vulnerability in Kubernetes Operations
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.
low complexity
kubernetes
8.8
8.8
2023-09-25 CVE-2022-4318 Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products
A vulnerability was found in cri-o.
local
low complexity
kubernetes redhat fedoraproject CWE-913
7.8
7.8